US10447709B2 - Methods and systems for integrating reconnaissance with security assessments for computing networks - Google Patents
Methods and systems for integrating reconnaissance with security assessments for computing networks Download PDFInfo
- Publication number
- US10447709B2 US10447709B2 US12/980,524 US98052410A US10447709B2 US 10447709 B2 US10447709 B2 US 10447709B2 US 98052410 A US98052410 A US 98052410A US 10447709 B2 US10447709 B2 US 10447709B2
- Authority
- US
- United States
- Prior art keywords
- network
- security
- attack surface
- reconnaissance
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
Definitions
- aspects of the disclosure relate generally to computer security.
- malware In today's distributed computing environments, security is of the utmost importance. Due to the rise of wide-area public networks, users have unlimited access to content, e.g. data, files, applications, programs, etc., from a variety of sources. Additionally, the users' connection to the public networks provides a window for malicious entities to attack the user's computing systems. Malicious entities utilize this ease of accessibility and anonymity to attack the users. For example, the malicious entities can plant viruses, Trojans, or other malicious agents in publicly available content in order to attack the users' computing systems and steal sensitive information from the users and can attack the users' system remotely across the public networks.
- FIG. 1 is block diagram of an exemplary environment in which a reconnaissance and assessment tool can be utilized, according to various embodiments.
- FIG. 2 is a block diagram of an exemplary configuration of the reconnaissance and assessment tool, according to various embodiments.
- FIG. 3 is a flow diagram of exemplary processes performed by the reconnaissance and assessment tool, according to various embodiments.
- FIG. 4 is a block diagram of an exemplary computing system, according to various embodiments.
- a reconnaissance and assessment (RA) tool can receive base information about the network, such as basic network information and details about an entity and personnel associated with network.
- the RA tool can utilize the base information to perform reconnaissance procedures on the network to identify the attack surface of the network.
- the RA tool can perform reconnaissance on the network, itself, and on other external sources, such as third party databases, third party search engines, and partner networks.
- the RA tool can perform security assessments on the attack surface.
- the RA tool can perform additional reconnaissance and security assessments based on the additional information.
- the RA tool can gather a complete picture of the network before running the security assessment. As such, the RA tool can identify and assess “forgotten,” unrecorded, or unidentified components of the network which may be unknown to users and administrator of the network. Thus, RA tool can improve the overall security assessment of the network. Moreover, by utilizing information found during the security assessments to perform additional reconnaissance and security assessments, the RA tool can feed the information back into the reconnaissance in order to locate unrecorded or unidentified components not located and considered during typically security assessments.
- FIG. 1 illustrates an exemplary environment 100 in which a reconnaissance and assessment (RA) tool 102 can identify the attack surface of a network environment 104 , which potentially pose a security risk to the network environment 104 , and can perform security assessments on the attack surface. While FIG. 1 illustrates various systems contained in the environment 100 , one skilled in the art will realize that these systems are exemplary and that the environment 100 can include any number and type of systems.
- RA reconnaissance and assessment
- the network environment 104 can represent the computing systems and network hardware of public or private entities, such as governmental agencies, individuals, businesses, partnerships, companies, corporations, etc., utilized to support the entities.
- the network environment 104 can includes various types of servers such as file servers 106 , web servers 108 , application servers 110 , database servers 112 , and email servers 113 .
- the network environment 104 can include computing systems 114 and 116 , which can be any type of conventional computing systems, such as desktops, laptops, etc, used by the personnel of the entities.
- the computing systems in the network environment 104 can include hardware resources, such as processors, memory, network hardware, storage devices, and the like, and software resources, such as operating systems (OS), application programs, and the like.
- OS operating systems
- the network environment 104 can include other types of conventional network hardware such as gateways, routers, wireless access points, and the like that support any type of communications networks, such as wide-area networks or local-area networks whether wired or wireless, to allow the computing systems in the network environment to communicate.
- the network environment 104 can include a gateway 118 that allows the computing systems of the network environment 104 to access a public network 122 , such as the Internet.
- the computing systems 116 can be connected to other computing systems of the network environment 104 by a wireless access point 118 .
- the network environment 104 can include any type of conventional network hardware that allows the computing systems of the network environment to communicate with one another.
- the network environment 104 can be connected to and communicate with one or more partner networks 123 .
- the partner networks 123 can be separate from the network environment 104 but provide computing services to the network environment 104 .
- the partner networks 123 can provide services such as email hosting (e.g. GoogleTM mail), document storage services (e.g. Google docs), website hosting services, cloud computing services (e.g. Google cloud, AmazonTM EC2, etc.).
- email hosting e.g. GoogleTM mail
- document storage services e.g. Google docs
- website hosting services e.g. Google cloud, AmazonTM EC2, etc.
- cloud computing services e.g. Google cloud, AmazonTM EC2, etc.
- the partner networks 123 can be any type of computing systems and networks that can provide computing services to the network environment 104 .
- the computing systems and network hardware in the environment 100 can be located at any location, whether located at single geographic location or remotely located from each other.
- the network environment 104 can represent the systems and hardware of a company that is located in multiple geographic locations.
- one or more of the computing systems and network hardware can be located at one location (e.g. one office of the company) and one or more of the computing systems and network hardware can be located at one or more different locations (e.g. satellite offices of the company).
- the owners, administrators, and users of the network environment 104 can desire to identify any security risks or threats in the network environment 104 .
- the RA tool 102 can be utilized to identify attack surface of the network environment 104 and to assess the security risks that the attack surface poses.
- the attack surface of the network environment 104 includes any access point, component, software, data, and the like of the network environment 104 , which potentially poses a security risk to the network environment 104 , by allowing an attacker to potentially gain access to the network environment 104 .
- the attack surface of the network environment 104 can include the computing systems (e.g.
- the attack surface of the network environment 104 can also include the software installed and/or stored on the computing systems and network hardware of the network environment 104 . Additionally, the attack surface of the network environment 104 can include services and information that are hosted and maintained by the computing systems and network hardware, such as web pages, email addresses, network forums, and the like. Also, the attack surface of the network environment 104 can include the computing services provided by the one or more partner networks 123 .
- the RA tool 102 can be configured to receive base information about the network environment 104 .
- the base information can include any basic information that describes the network environment 104 .
- the base information can include a name of the entity associated with the network environment 104 (e.g. company or corporation name), names of personnel using the network environment 104 (e.g. essential employees names), basic network information for the network environment 104 (e.g. key network addresses, key hostnames, key network address ranges, etc).
- the RA tool 102 can be configured to receive the base information from a person associated with the network environment 104 , for example, an administrator of the network environment 104 .
- the RA tool 102 can be configured to create and output command line interfaces and/or graphical user interfaces (GUIs) that allow a user to enter the base information.
- GUIs graphical user interfaces
- the RA tool 102 can be configured to perform the reconnaissance using the base information in order to identify the attack surface of the network environment 104 .
- the RA tool 102 can be configured to utilize reconnaissance procedures and agents on the network environment 104 and to utilize reconnaissance procedures and agents on other sources external to the network environment 104 in order to identify the attack surface of the network environment 104 .
- the reconnaissance procedures and agents can include procedures and agents that determine the attack surface by scanning, searching, querying, and/or interrogating the computing systems and network hardware of the network environment 104 .
- the reconnaissance procedures can include performing network analysis on the structure of the network environment 104 (e.g.
- the BGP maps analysis, traceroutes, web crawling, wireless access point search, etc.) to identify all the computing systems and network hardware of the network environment 104 .
- the reconnaissance procedures can include searching the computing systems and network hardware to identify any services and information (e.g. websites, email addresses) hosted by the network environment 104 .
- the reconnaissance agents can include software programs or code that execute on the computing systems and network hardware of the network environment 104 (e.g. network taps, phishing agents) to identify the attack surface of the network environment 104 .
- the RA tool 102 can be configured to utilize reconnaissance procedures and agents on other sources external to the network environment 104 based on the base information in order to identify the attack surface of the network environment 104 .
- the external sources can be third party databases 124 and search engines 126 (e.g. Linkedin, Google, FacebookTM, whois, etc.) that can include information about the attack surface of the network environment 104 .
- the RA tool 102 can search the third party databases 124 and the search engines 126 based on the name of the entity and personnel associated with the entity in order to identify the attack surface such as websites, email addresses, etc.
- the external sources can also be the partner networks 123 that can provide computing services to the network environment 104 .
- the reconnaissance procedures can include performing network analysis on the structure of the network environment 104 to identify any computing services provided by the partner networks 123 .
- the reconnaissance procedures can include searching the partner networks 123 to identify any services and information (e.g. websites, email addresses) hosted by the partner networks 123 .
- the reconnaissance agents can include software programs or code that executes on the partner networks 123 to identify the attack surface of the network environment 104 .
- the RA tool 102 can be configured to automatically utilize all the reconnaissance procedures and agents available. Likewise, the RA tool 102 can be configured to allow the user of the RA tool 102 to select particular reconnaissance procedures and agents to utilize. For example, the RA tool 102 can be configured to create and output command line interfaces and/or GUIs that display available reconnaissance procedures and agents and that allow the user to select the reconnaissance procedures and agents to utilize.
- the RA tool 102 can be configured to automatically select and perform security assessments on the attack surface.
- the RA tool 102 selects the security assessment that matches a type of a part of the attack surface. For example, if the RA tool 102 identifies a website connected to the network environment 104 , the RA tool 102 can select a web scanner and a vulnerability assessment scanner to assess the identified website. Likewise, for example, if the RA tool 102 identifies a group of unencrypted documents, the RA tool 102 can be configured to select a data leakage prevention (DLP) tool to insure there is no data leakage.
- DLP data leakage prevention
- the RA tool 102 can invoke a social engineering penetration testing tool to conduct phishing attacks for more information.
- the RA tool 102 can be configured to select and perform any type of known security assessments on the attack surface, such as web scanner, vulnerability assessment scanners, penetration testing tools, DLP tools, social engineering penetration test, and the like.
- the RA tool 102 can be configured to display the attack surface of the network environment 104 and the available security assessments to perform on the attack surface to the user of the RA tool 102 .
- the RA tool 102 can be configured to create and output command line interfaces and/or GUIs that display the attack surface of the network environment 104 and the available security assessments to perform on the attack surface.
- the RA tool 102 can be configured to allow the user select a particular part of the attack surface to assess and the security assessment to perform.
- the RA tool 102 can be configured to display the results of the security assessments to the user of the RA tool 102 .
- the results can include an indication if parts of the attack surface are a security threat.
- the RA tool 102 can also include other information, for example, details of the security threat and a ranking of the security threat.
- the RA tool 102 can be configured to create and output command line interfaces and/or GUIs that display the results of the security assessments.
- the RA tool 102 can be configured to utilize the results of the security assessments to perform additional reconnaissance.
- the RA tool 102 can identify additional information about the network environment 104 .
- the RA tool 102 can identify additional network information (e.g. network addresses, network address ranges, hostnames, etc.), names of additional personnel associated with the network environment 104 , and the like. If additional information is identified, the RA tool 102 can be configured to perform reconnaissance based on the additional information in order to identify additional parts of the attack surface of the network environment 104 . If the additional parts of the attack surface are identified, the RA tool 102 can be configured to select and perform security assessments on the additional attack surface.
- additional network information e.g. network addresses, network address ranges, hostnames, etc.
- the RA tool 102 can be configured to perform reconnaissance based on the additional information in order to identify additional parts of the attack surface of the network environment 104 . If the additional parts of the attack surface are identified, the RA tool 102 can be configured to select and perform security assessments
- the RA tool 102 can perform additional reconnaissance on the partner networks 123 based on the discovered reference to determine additional parts of the attack surface and perform additional security assessments.
- the RA tool 102 can be configured to iteratively perform any of number of additional reconnaissance and security assessments if any additional information is discovered. For example, if further information is identified during the additional reconnaissance and security assessments, the RA tool 102 can again perform further reconnaissance and security assessments based on the further information.
- the RA tool 102 can be configured as an application program that is capable of being stored on and executed by a computing system, whether part of the network environment 104 or external to the network environment 104 .
- the RA tool 102 can be written in a variety of programming languages, such as JAVA, C++, Python code, Visual Basic, hypertext markup language (HTML), extensible markup language (XML), and the like to accommodate a variety of operating systems, computing system architectures, etc.
- the RA tool 102 can be implemented and executed on any of the computing systems of network environment 104 .
- the RA tool 102 can be implemented and executed on a remote computing system connected to the network environment 104 by the network 122 .
- the RA tool 102 can be stored on any type of computer readable storage medium, such as hard drives, optical storage, system memory, and the like, of the computing systems.
- FIG. 2 is a block diagram of an exemplary configuration of the RA tool 102 .
- the RA tool 102 can include a console module 205 , a reconnaissance module 210 , and an assessment module 215 . While FIG. 2 illustrates various components of the RA tool 102 , one skilled in the art will realize that existing components can be removed or additional components added.
- the console module 205 can be configured to provide an interface 220 to the RA tool 102 .
- the console module 205 can be configured to generate the interface 220 that allows a user to initiate the RA tool 102 , operate the RA tool 102 , such as enter base information about the network environment 104 , select reconnaissance procedures, select security assessments, etc., and receive information generated by the RA tool 102 , such as the attack surface of the network environment 104 and results of the security assessments.
- the console module 205 can be configured to include the necessary logic, commands, instructions and routines to generate and communicate with GUIs and/or command line interfaces.
- the console module 205 can be configured include the necessary logic, commands, instructions and routines to output information in other formats, such as email, HTML document, text or word processing document, and the like.
- the console module 205 can communicate with the reconnaissance module 210 .
- the reconnaissance module 210 can be configured to perform the reconnaissance procedures and/or to utilize and communicate with the reconnaissance agents in order to identify the attack surface of the network environment 104 .
- the reconnaissance module 210 can be configured to include the necessary logic, commands, instructions and routines to communicate with a reconnaissance database 225 .
- the reconnaissance database 225 can be configured to store the reconnaissance procedures and reconnaissance agents utilized by the RA tool 102 .
- the reconnaissance module 210 can be configured to include the necessary logic, commands, instructions and routines to communicate with the network environment 104 , the third party databases 124 , the third party search engines 126 , and the partner networks 123 to perform the reconnaissance procedures and to utilize the reconnaissance agents.
- the console module 205 and the reconnaissance module 210 can be configured to communicate with the assessment module 215 .
- the assessment module 215 can be configured to perform security assessments on any part of the attack surface identified by the reconnaissance module 210 .
- the assessment module 215 can be configured to include the necessary logic, commands, instructions and routines to communicate with an assessment database 230 .
- the assessment database 230 can be configured to store the security assessments utilized by the RA tool 102 .
- the assessment database 230 can also be configured to store the types of the parts of the attack surface that are associated with the stored security assessments.
- the assessment module 215 can be configured to include the necessary logic, commands, instructions and routines to search the assessment database 230 to identify the security assessments that match the types of the parts of the attack surface and to automatically select appropriate security assessments that match the types of the parts of the attack surface. Likewise, the assessment module 215 can be configured to include the necessary logic, commands, instructions and routines to communicate with the network environment 104 to perform the security assessments.
- the assessment module 215 can be configured to utilize heuristics and expert systems to automatically select the appropriate security assessments that best match the types of the parts of the attack surface.
- the assessment module 215 can be configured to include the necessary logic, commands, instructions and routines to perform analysis based on heuristics and expert systems techniques, algorithms, and rules in order to automatically select the appropriate security assessments that best match the types of the parts of the attack surface.
- the console module 205 , the reconnaissance module 210 , and the assessment module 215 can be implemented in a single application program capable of executing on a computing systems of environment 100 .
- the console module 205 , the reconnaissance module 210 , and the assessment module 215 can be implanted as separate application programs that are capable of executing on separate computing systems of the environment 100 .
- the RA tool 102 can be stored any type of computer readable storage medium, such as hard drives, optical storage, system memory, and the like, of the computing systems of the environment 100 .
- FIG. 3 is a flow diagram that illustrates an exemplary process by which RA tool 102 can reconnaissance and security assessments on the network environment 104 .
- the process can begin.
- the RA tool 102 can base information about the network environment 104 to be assessed for security threats.
- the base information can include any basic information that describes the network environment 104 .
- the base information can include a name of the entity associated with the network environment 104 (e.g. company or corporation name), names of personnel using the network environment 104 (e.g. essential employees names), basic network information for the network environment 104 (e.g. key network addresses, key hostnames, key network address ranges, etc).
- the RA tool 102 can be configured to receive the base information from a person associated with the network environment 104 , for example, an administrator of the network environment 104 .
- the RA tool 102 can perform the reconnaissance on the network environment 104 .
- the RA tool 102 can utilize reconnaissance procedures and agents on the network environment 104 and utilize reconnaissance procedures and agents on other sources external to the network environment 104 in order to identify the attack surface of the network environment 104 .
- the reconnaissance procedures and agents can include procedures and agents that determine the attack surface by scanning, searching, querying the computing systems and network hardware of the network environment 104 .
- the reconnaissance procedures can include performing network analysis on the structure of the network environment 104 (e.g. BGP maps analysis, traceroutes, web crawling, wireless access point search, etc.) to identify all the computing systems and network hardware of the network environment 104 .
- the reconnaissance procedures can include searching the computing systems and network hardware to identify any services and information (e.g. websites, email addresses) hosted by the network environment 104 .
- the reconnaissance agents can include software programs or code that execute on the computing systems and network hardware of the network environment 104 (e.g. network taps, phishing agents) to identify attack surface of the network environment 104 .
- the RA tool 102 can utilize reconnaissance procedures and agents on other sources external to the network environment 104 based on the base information in order to identify the attack surface of the network environment 104 .
- the external sources can be third party databases 124 and search engines 126 (e.g. Linkedin, Google, Facebook, whois, etc.) that can include information about the attack surface of the network environment 104 .
- the RA tool 102 can search the third party databases 124 and the search engines 126 based on the name of the entity and personnel associated with the entity in order to identify parts of the attack surface such as websites, email addresses, etc.
- the external sources can also be the partner networks 123 that can provide computing services to the network environment 104 .
- the reconnaissance procedures can include performing network analysis on the structure of the network environment 104 to identify any computing services provided by the partner networks 123 .
- the reconnaissance procedures can include searching the partner networks 123 to identify any services and information (e.g. websites, email addresses) hosted by the partner networks 123 .
- the reconnaissance agents can include software programs or code that executes on the partner networks 123 to identify the attack surface of the network environment 104 .
- the RA tool 102 can identify the attack surface of the network environment.
- the attack surface of the network environment 104 includes any access point, component, software, data, and the like of the network environment 104 , which potentially poses a security risk to the network environment 104 , by allowing an attacker to potentially gain access to the network environment 104 .
- the attack surface of the network environment 104 can include the computing systems (e.g. file servers 106 , web servers 108 , application servers 110 , database servers 112 , email servers 113 , computing systems 114 , computing systems 116 , etc.) and network hardware (e.g. gateway 118 , wireless access point 120 , etc.) of the network environment 104 .
- the attack surface of the network environment 104 can also include the software installed and/or stored on the computing systems and network hardware of the network environment 104 . Additionally, the attack surface of the network environment 104 can include services and information that are hosted and maintained by the computing systems and network hardware, such as web pages, email addresses, network forums, and the like. Also, the attack surface of the network environment 104 can include the computing services provided by the one or more partner networks 123 .
- the RA tool 102 can perform security assessments on the attack surface.
- the RA tool 102 can select and perform the security assessments that match a type of a part of the attack surface. For example, if the RA tool 102 identifies a website connected to the network environment 104 , the RA tool 102 can select a web scanner and a vulnerability assessment scanner to assess the identified website.
- the RA tool 102 can select and perform any type of known security assessments on the attack surface, such as web scanner, vulnerability assessment scanners, penetration testing tools, data leakage prevention tools, social engineering penetration test, and the like.
- the RA tool 102 can automatically select and perform security assessments on the attack surface.
- the RA tool 102 can display the attack surface of the network environment 104 and the available security assessments to perform on the attack surface to the user of the RA tool 102 , and the user of the RA tool 102 can select the security assessments to be performed.
- the RA tool 102 can determine if additional information was identified during the security assessment. If additional information was identified, the RA tool 102 can perform additional reconnaissance and security assessments based on additional information determined during the security assessments. During the security assessment, the RA tool 102 can identify additional information about the network environment 104 . For example, the RA tool 102 can identify additional network information (e.g. network addresses, network address ranges, hostnames, etc.), names of additional personnel associated with the network environment 104 , and the like. If additional information is identified, the RA tool 102 can perform reconnaissance based on the additional information in order to identify additional parts of the attack surface of the network environment 104 . If additional parts of the attack surface are identified, the RA tool 102 can select and perform security assessments on the additional parts of the attack.
- additional network information e.g. network addresses, network address ranges, hostnames, etc.
- the RA tool 102 can perform reconnaissance based on the additional information in order to identify additional parts of the attack surface of the network environment 104 . If additional
- the process can end, return to any point or repeat.
- FIG. 4 illustrates an exemplary block diagram of a computing system 400 which can be implemented to store and execute the RA tool 102 according to various embodiments.
- the RA tool 102 can be stored and executed on the computing system 400 in order to perform the process described above.
- the computing systems 400 can represent an example of any computing systems in the environment 100 . While FIG. 4 illustrates various components of the computing system 400 , one skilled in the art will realize that existing components can be removed or additional components can be added.
- the computing system 400 can include one or more processors, such as processor 402 that provide an execution platform for embodiments of the RA tool 102 . Commands and data from the processor 402 are communicated over a communication bus 404 .
- the computing system 400 can also include a main memory 406 , for example, one or more computer readable storage media such as a Random Access Memory (RAM), where the RA tool 102 and other application programs, such as an operating system (OS) can be executed during runtime, and can include a secondary memory 408 .
- RAM Random Access Memory
- the secondary memory 408 can include, for example, one or more computer readable storage media or devices such as a hard disk drive 410 and/or a removable storage drive 412 , representing a floppy diskette drive, a magnetic tape drive, a compact disk drive, etc., where a copy of a application program embodiment for the RA tool 102 can be stored.
- the removable storage drive 412 reads from and/or writes to a removable storage unit 414 in a well-known manner.
- the computing system 400 can also include a network interface 416 in order to connect with any type of network, whether wired or wireless.
- a user can interface with the computing system 400 and operate the RA tool 102 with a keyboard 418 , a mouse 420 , and a display 422 .
- the computing system 400 can include a display adapter 424 .
- the display adapter 424 can interface with the communication bus 404 and the display 422 .
- the display adapter 424 can receive display data from the processor 402 and convert the display data into display commands for the display 422 .
- the computer program may exist in a variety of forms both active and inactive.
- the computer program can exist as software program(s) comprised of program instructions in source code, object code, executable code or other formats; firmware program(s); or hardware description language (HDL) files.
- Any of the above can be embodied on a computer readable medium, which include computer readable storage devices and media, and signals, in compressed or uncompressed form.
- Exemplary computer readable storage devices and media include conventional computer system RAM (random access memory), ROM (read-only memory), EPROM (erasable, programmable ROM), EEPROM (electrically erasable, programmable ROM), and magnetic or optical disks or tapes.
- Exemplary computer readable signals are signals that a computer system hosting or running the present teachings can be configured to access, including signals downloaded through the Internet or other networks.
- Concrete examples of the foregoing include distribution of executable software program(s) of the computer program on a CD-ROM or via Internet download.
- the Internet itself, as an abstract entity, is a computer readable medium. The same is true of computer networks in general.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer And Data Communications (AREA)
Abstract
Description
Claims (6)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/980,524 US10447709B2 (en) | 2010-12-29 | 2010-12-29 | Methods and systems for integrating reconnaissance with security assessments for computing networks |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/980,524 US10447709B2 (en) | 2010-12-29 | 2010-12-29 | Methods and systems for integrating reconnaissance with security assessments for computing networks |
Publications (2)
Publication Number | Publication Date |
---|---|
US20120174228A1 US20120174228A1 (en) | 2012-07-05 |
US10447709B2 true US10447709B2 (en) | 2019-10-15 |
Family
ID=46382044
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/980,524 Active US10447709B2 (en) | 2010-12-29 | 2010-12-29 | Methods and systems for integrating reconnaissance with security assessments for computing networks |
Country Status (1)
Country | Link |
---|---|
US (1) | US10447709B2 (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20200012796A1 (en) * | 2018-07-05 | 2020-01-09 | Massachusetts Institute Of Technology | Systems and methods for risk rating of vulnerabilities |
US20220014561A1 (en) * | 2015-10-28 | 2022-01-13 | Qomplx, Inc. | System and methods for automated internet-scale web application vulnerability scanning and enhanced security profiling |
US20220014556A1 (en) * | 2015-10-28 | 2022-01-13 | Qomplx, Inc. | Cybersecurity profiling and rating using active and passive external reconnaissance |
US20230106575A1 (en) * | 2021-10-01 | 2023-04-06 | Zerofox, Inc. | Attack surface identification |
Families Citing this family (33)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CA2836798A1 (en) * | 2011-06-05 | 2012-12-13 | Core Sdi Incorporated | System and method for providing automated computer security compromise as a service |
EP2962239A4 (en) * | 2013-02-28 | 2016-10-19 | Hewlett Packard Entpr Dev Lp | Determining coverage of dynamic security scans using runtime and static code analyses |
US10216938B2 (en) * | 2014-12-05 | 2019-02-26 | T-Mobile Usa, Inc. | Recombinant threat modeling |
US10367846B2 (en) | 2017-11-15 | 2019-07-30 | Xm Cyber Ltd. | Selectively choosing between actual-attack and simulation/evaluation for validating a vulnerability of a network node during execution of a penetration testing campaign |
US10257220B2 (en) | 2017-01-30 | 2019-04-09 | Xm Cyber Ltd. | Verifying success of compromising a network node during penetration testing of a networked system |
US10068095B1 (en) | 2017-05-15 | 2018-09-04 | XM Cyber Ltd | Systems and methods for selecting a termination rule for a penetration testing campaign |
US10637882B2 (en) * | 2017-01-30 | 2020-04-28 | Xm Cyber Ltd. | Penetration testing of a networked system |
US10686822B2 (en) | 2017-01-30 | 2020-06-16 | Xm Cyber Ltd. | Systems and methods for selecting a lateral movement strategy for a penetration testing campaign |
US10999308B2 (en) | 2017-01-30 | 2021-05-04 | Xm Cyber Ltd. | Setting-up penetration testing campaigns |
US10581802B2 (en) | 2017-03-16 | 2020-03-03 | Keysight Technologies Singapore (Sales) Pte. Ltd. | Methods, systems, and computer readable media for advertising network security capabilities |
US10534917B2 (en) | 2017-06-20 | 2020-01-14 | Xm Cyber Ltd. | Testing for risk of macro vulnerability |
US10574684B2 (en) | 2017-07-09 | 2020-02-25 | Xm Cyber Ltd. | Locally detecting phishing weakness |
US10412112B2 (en) | 2017-08-31 | 2019-09-10 | Xm Cyber Ltd. | Time-tagged pre-defined scenarios for penetration testing |
US10447721B2 (en) | 2017-09-13 | 2019-10-15 | Xm Cyber Ltd. | Systems and methods for using multiple lateral movement strategies in penetration testing |
US10440044B1 (en) | 2018-04-08 | 2019-10-08 | Xm Cyber Ltd. | Identifying communicating network nodes in the same local network |
GB201810294D0 (en) | 2018-06-22 | 2018-08-08 | Senseon Tech Ltd | Cybe defence system |
US11438357B2 (en) | 2018-06-22 | 2022-09-06 | Senseon Tech Ltd | Endpoint network sensor and related cybersecurity infrastructure |
GB2602254B (en) | 2020-12-15 | 2023-04-05 | Senseon Tech Ltd | Network traffic monitoring |
GB201812171D0 (en) * | 2018-07-26 | 2018-09-12 | Senseon Tech Ltd | Cyber defence system |
US10382473B1 (en) | 2018-09-12 | 2019-08-13 | Xm Cyber Ltd. | Systems and methods for determining optimal remediation recommendations in penetration testing |
WO2020089698A1 (en) | 2018-11-04 | 2020-05-07 | Xm Cyber Ltd. | Using information about exportable data in penetration testing |
WO2020121078A1 (en) | 2018-12-13 | 2020-06-18 | Xm Cyber Ltd. | Systems and methods for dynamic removal of agents from nodes of penetration testing systems |
WO2020161532A1 (en) | 2019-02-06 | 2020-08-13 | Xm Cyber Ltd. | Taking privilege escalation into account in penetration testing campaigns |
US11283827B2 (en) | 2019-02-28 | 2022-03-22 | Xm Cyber Ltd. | Lateral movement strategy during penetration testing of a networked system |
US11206281B2 (en) | 2019-05-08 | 2021-12-21 | Xm Cyber Ltd. | Validating the use of user credentials in a penetration testing campaign |
US10637883B1 (en) | 2019-07-04 | 2020-04-28 | Xm Cyber Ltd. | Systems and methods for determining optimal remediation recommendations in penetration testing |
US10880326B1 (en) | 2019-08-01 | 2020-12-29 | Xm Cyber Ltd. | Systems and methods for determining an opportunity for node poisoning in a penetration testing campaign, based on actual network traffic |
US11533329B2 (en) | 2019-09-27 | 2022-12-20 | Keysight Technologies, Inc. | Methods, systems and computer readable media for threat simulation and threat mitigation recommendations |
GB201915265D0 (en) | 2019-10-22 | 2019-12-04 | Senseon Tech Ltd | Anomaly detection |
US11005878B1 (en) | 2019-11-07 | 2021-05-11 | Xm Cyber Ltd. | Cooperation between reconnaissance agents in penetration testing campaigns |
US11575700B2 (en) | 2020-01-27 | 2023-02-07 | Xm Cyber Ltd. | Systems and methods for displaying an attack vector available to an attacker of a networked system |
US11582256B2 (en) | 2020-04-06 | 2023-02-14 | Xm Cyber Ltd. | Determining multiple ways for compromising a network node in a penetration testing campaign |
US11989308B2 (en) * | 2021-05-27 | 2024-05-21 | EMC IP Holding Company LLC | Method to intelligently manage the end to end container compliance in cloud environments |
Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030188189A1 (en) * | 2002-03-27 | 2003-10-02 | Desai Anish P. | Multi-level and multi-platform intrusion detection and response system |
US20040102923A1 (en) * | 2002-11-27 | 2004-05-27 | Tracy Richard P. | Enhanced system, method and medium for certifying and accrediting requirements compliance utilizing continuous risk assessment |
US20040172557A1 (en) * | 2002-08-20 | 2004-09-02 | Masayuki Nakae | Attack defending system and attack defending method |
US20050235358A1 (en) * | 2004-04-15 | 2005-10-20 | International Business Machines Corporation | Server denial of service shield |
US20050265351A1 (en) * | 2004-05-27 | 2005-12-01 | Hewlett-Packard Development Company, L.P. | Network administration |
US20070214151A1 (en) * | 2005-11-28 | 2007-09-13 | Threatmetrix Pty Ltd | Method and System for Processing a Stream of Information From a Computer Network Using Node Based Reputation Characteristics |
US20080127338A1 (en) * | 2006-09-26 | 2008-05-29 | Korea Information Security Agency | System and method for preventing malicious code spread using web technology |
US7908660B2 (en) * | 2007-02-06 | 2011-03-15 | Microsoft Corporation | Dynamic risk management |
US20110093955A1 (en) * | 2009-10-19 | 2011-04-21 | Bank Of America Corporation | Designing security into software during the development lifecycle |
US8239668B1 (en) * | 2009-04-15 | 2012-08-07 | Trend Micro Incorporated | Computer security threat data collection and aggregation with user privacy protection |
US8484725B1 (en) * | 2005-10-26 | 2013-07-09 | Mcafee, Inc. | System, method and computer program product for utilizing a threat scanner for performing non-threat-related processing |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6906350B2 (en) * | 2001-10-24 | 2005-06-14 | Cree, Inc. | Delta doped silicon carbide metal-semiconductor field effect transistors having a gate disposed in a double recess structure |
AR054821A1 (en) * | 2006-07-06 | 2007-07-18 | Rosario Bus S A | PROVISION FOR INFORMATION, POSITIONING CONTROL AND PASSENGER TRANSPORTATION VEHICLE SCHEDULE. |
-
2010
- 2010-12-29 US US12/980,524 patent/US10447709B2/en active Active
Patent Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030188189A1 (en) * | 2002-03-27 | 2003-10-02 | Desai Anish P. | Multi-level and multi-platform intrusion detection and response system |
US20040172557A1 (en) * | 2002-08-20 | 2004-09-02 | Masayuki Nakae | Attack defending system and attack defending method |
US20040102923A1 (en) * | 2002-11-27 | 2004-05-27 | Tracy Richard P. | Enhanced system, method and medium for certifying and accrediting requirements compliance utilizing continuous risk assessment |
US20050235358A1 (en) * | 2004-04-15 | 2005-10-20 | International Business Machines Corporation | Server denial of service shield |
US20050265351A1 (en) * | 2004-05-27 | 2005-12-01 | Hewlett-Packard Development Company, L.P. | Network administration |
US8484725B1 (en) * | 2005-10-26 | 2013-07-09 | Mcafee, Inc. | System, method and computer program product for utilizing a threat scanner for performing non-threat-related processing |
US20070214151A1 (en) * | 2005-11-28 | 2007-09-13 | Threatmetrix Pty Ltd | Method and System for Processing a Stream of Information From a Computer Network Using Node Based Reputation Characteristics |
US20080127338A1 (en) * | 2006-09-26 | 2008-05-29 | Korea Information Security Agency | System and method for preventing malicious code spread using web technology |
US7908660B2 (en) * | 2007-02-06 | 2011-03-15 | Microsoft Corporation | Dynamic risk management |
US8239668B1 (en) * | 2009-04-15 | 2012-08-07 | Trend Micro Incorporated | Computer security threat data collection and aggregation with user privacy protection |
US20110093955A1 (en) * | 2009-10-19 | 2011-04-21 | Bank Of America Corporation | Designing security into software during the development lifecycle |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20220014561A1 (en) * | 2015-10-28 | 2022-01-13 | Qomplx, Inc. | System and methods for automated internet-scale web application vulnerability scanning and enhanced security profiling |
US20220014556A1 (en) * | 2015-10-28 | 2022-01-13 | Qomplx, Inc. | Cybersecurity profiling and rating using active and passive external reconnaissance |
US11750659B2 (en) * | 2015-10-28 | 2023-09-05 | Qomplx, Inc. | Cybersecurity profiling and rating using active and passive external reconnaissance |
US12041091B2 (en) * | 2015-10-28 | 2024-07-16 | Qomplx Llc | System and methods for automated internet- scale web application vulnerability scanning and enhanced security profiling |
US20200012796A1 (en) * | 2018-07-05 | 2020-01-09 | Massachusetts Institute Of Technology | Systems and methods for risk rating of vulnerabilities |
US11036865B2 (en) * | 2018-07-05 | 2021-06-15 | Massachusetts Institute Of Technology | Systems and methods for risk rating of vulnerabilities |
US20230106575A1 (en) * | 2021-10-01 | 2023-04-06 | Zerofox, Inc. | Attack surface identification |
US11888873B2 (en) * | 2021-10-01 | 2024-01-30 | Zerofox, Inc. | Attack surface identification |
Also Published As
Publication number | Publication date |
---|---|
US20120174228A1 (en) | 2012-07-05 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10447709B2 (en) | Methods and systems for integrating reconnaissance with security assessments for computing networks | |
US10546134B2 (en) | Methods and systems for providing recommendations to address security vulnerabilities in a network of computing systems | |
US12034746B2 (en) | Systems and methods for automated retrieval, processing, and distribution of cyber-threat information | |
US11831785B2 (en) | Systems and methods for digital certificate security | |
EP3128459B1 (en) | System and method of utilizing a dedicated computer security service | |
US10771492B2 (en) | Enterprise graph method of threat detection | |
US9846780B2 (en) | Automated vulnerability intelligence generation and application | |
US8347396B2 (en) | Protect sensitive content for human-only consumption | |
US8776168B1 (en) | Applying security policy based on behaviorally-derived user risk profiles | |
US20170026401A1 (en) | System and method for threat visualization and risk correlation of connected software applications | |
US8601114B1 (en) | Method, system and computer program product for interception, quarantine and moderation of internal communications of uncontrolled systems | |
JP2019082989A (en) | Systems and methods of cloud detection, investigation and elimination of targeted attacks | |
US11082445B1 (en) | Preventing phishing attacks via document sharing | |
US9473531B2 (en) | Endpoint traffic profiling for early detection of malware spread | |
US10887261B2 (en) | Dynamic attachment delivery in emails for advanced malicious content filtering | |
Serketzis et al. | Actionable threat intelligence for digital forensics readiness | |
Karbab et al. | Automatic investigation framework for android malware cyber-infrastructures | |
Mokhov et al. | Automating MAC spoofer evidence gathering and encoding for investigations | |
RU2778635C1 (en) | System and method for outside control of the cyberattack surface | |
RU2825724C1 (en) | Search for security problems in software and operating systems in public clouds | |
JP6900328B2 (en) | Attack type determination device, attack type determination method, and program | |
US11374959B2 (en) | Identifying and circumventing security scanners | |
Abbas et al. | Forensic artifacts modeling for social media client applications to enhance investigatory learning mechanisms | |
Balaji et al. | Detecting Vulnerabilities Using Open-Source Intelligence |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: SILICON VALLEY BANK, MASSACHUSETTS Free format text: SECURITY AGREEMENT;ASSIGNOR:RAPID7 LLC;REEL/FRAME:031870/0367 Effective date: 20131227 |
|
AS | Assignment |
Owner name: SILICON VALLEY BANK, MASSACHUSETTS Free format text: SECURITY AGREEMENT;ASSIGNOR:RAPID7 LLC;REEL/FRAME:031872/0199 Effective date: 20131227 |
|
AS | Assignment |
Owner name: RAPID7 LLC, MASSACHUSETTS Free format text: FULL RELEASE OF SECURITY INTEREST IN PATENTS;ASSIGNOR:SILICON VALLEY BANK;REEL/FRAME:037233/0889 Effective date: 20151207 |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: FINAL REJECTION MAILED |
|
FEPP | Fee payment procedure |
Free format text: PETITION RELATED TO MAINTENANCE FEES GRANTED (ORIGINAL EVENT CODE: PTGR); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
|
AS | Assignment |
Owner name: RAPID7, INC., MASSACHUSETTS Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:LI, RICHARD;LODER, CHAD;GIAKOUMINAKIS, ANASTASIOS;SIGNING DATES FROM 20181214 TO 20190201;REEL/FRAME:048419/0897 |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: NOTICE OF ALLOWANCE MAILED -- APPLICATION RECEIVED IN OFFICE OF PUBLICATIONS |
|
FEPP | Fee payment procedure |
Free format text: ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: PUBLICATIONS -- ISSUE FEE PAYMENT RECEIVED |
|
STCF | Information on status: patent grant |
Free format text: PATENTED CASE |
|
AS | Assignment |
Owner name: KEYBANK NATIONAL ASSOCIATION, OHIO Free format text: INTELLECTUAL PROPERTY SECURITY AGREEMENT;ASSIGNOR:RAPID7 LLC;REEL/FRAME:052487/0013 Effective date: 20200423 |
|
MAFP | Maintenance fee payment |
Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY Year of fee payment: 4 |